A vulnerability was found in how wpa_supplicant processes EAPOL-Key
frames. It is possible for an attacker to modify the frame in a way that
makes wpa_supplicant decrypt the Key Data field without requiring a
valid MIC value in the frame, i.e., without the frame being
authenticated. This has a potential issue in the case where WPA2/RSN
style of EAPOL-Key construction is used with TKIP negotiated as the
pairwise cipher. It should be noted that WPA2 is not supposed to be used
with TKIP as the pairwise cipher. Instead, CCMP is expected to be used
and with that pairwise cipher, this vulnerability is not applicable in
practice.

When TKIP is negotiated as the pairwise cipher, the EAPOL-Key Key Data
field is encrypted using RC4. This vulnerability allows unauthenticated
EAPOL-Key frames to be processed and due to the RC4 design, this makes
it possible for an attacker to modify the plaintext version of the Key
Data field with bitwise XOR operations without knowing the contents.
This can be used to cause a denial of service attack by modifying
GTK/IGTK on the station (without the attacker learning any of the keys)
which would prevent the station from accepting received group-addressed
frames. Furthermore, this might be abused by making wpa_supplicant act
as a decryption oracle to try to recover some of the Key Data payload
(GTK/IGTK) to get knowledge of the group encryption keys.

Full recovery of the group encryption keys requires multiple attempts
(128 connection attempts per octet) and each attempt results in
disconnection due to a failure to complete the 4-way handshake. These
failures can result in the AP/network getting disabled temporarily or
even permanently (requiring user action to re-enable) which may make it
impractical to perform the attack to recover the keys before the AP has
already changes the group keys. By default, wpa_supplicant is enforcing
at minimum a ten second wait time between each failed connection
attempt, i.e., over 20 minutes waiting to recover each octet while
hostapd AP implementation uses 10 minute default for GTK rekeying when
using TKIP. With such timing behavior, practical attack would need large
number of impacted stations to be trying to connect to the same AP to be
able to recover sufficient information from the GTK to be able to
determine the key before it gets changed.

Vulnerable versions/configurations

All wpa_supplicant versions.

Acknowledgments

Thanks to Mathy Vanhoef of the imec-DistriNet research group of KU
Leuven for discovering and reporting this issue.

Possible mitigation steps

- Remove TKIP as an allowed pairwise cipher in RSN/WPA2 networks. This
can be done also on the AP side.

Bit 8/12 of reset controller which is marked as PHY_RESET/SWITCH_RESET
in datasheets will trigger either a reset for builtin switch or assert
an external ETH0_RESET_L/ETH1_RESET_L pin, which are usually connected
to external PHY/switch. None of them should be triggered every time an
interface is brought up in ethernet driver.

Apply IPv6/ND configuration before proto_send_update so that all config info
is available when netifd is handling the notify_proto ubus call.
In particular this fixes an issue when netifd is updating the downstream IPv6 mtu
as netifd was still using the not yet updated upstream IPv6 mtu to set the
downstream IPv6 mtu

commit 4b9680f fixed pll settings and the correct pll set
by bootloader is overrided by value in qca9557.dtsi which
is incorrect for Archer C7 and breaks ethernet. Add pll
values for archer c7 to fix ethernet connection.

This individual pll tweak has been cherry picked from github pr 1260
which changes a couple of things in a single commit and should be
ideally split. This commit get archer v7 back and working.

Commit 4d961538f6 added libutil to the iproute2 InstallDev section
but lead to compile issues with packages picking up the wrong libutil
since libutil is quite a generic name ...
Further libutil is rather meant for internal usage in iproute2 than a
public API; therefore let's remove it from the InstallDev section together
with ll_map.h

The QCA955X is affected by a hardware bug which causes link-loss of the
SGMII link between SoC and PHY. This happens on change of link-state or
speed.

It is not really known what causes this bug. It definitely occurs when
using a AR8033 Gigabit Ethernet PHY.

Qualcomm solves this Bug in a similar fashion. We need to apply the fix
on a per-device base via platform-data as performing the fixup work will
break connectivity in case the SGMII interface is connected to a Switch.

This bug was first proposed to be fixed by Sven Eckelmann in 2016.
https://patchwork.ozlabs.org/patch/604782/

While finalizing support for the U7623 with 512MB, I made an embarresing
error and configured 1GB RAM for the board. I also forgot to move memory
from the dtsi and to the dts. This commit takes care of my mistakes.

While I am confessing my mistakes, I also note that I made a mistake in
the commit message of the initial U7623 commit. It is the .bin-file, and
not the .gz file that shall be sent to the device via tftp.

This patch did the following things:
1. Separate ath9k-leds out of gpio leds so that all other leds will work
before ath9k loded (e.g. during preinit/init stage).
2. Rename wps led to qss since that's how TP-Link mark it.
3. Rename LED prefix to tp-link because that dts is shared by many devices.
4. Rename to wr740n-v1 because v1 is the first and v2 just use the fw of v1.
(This will require a forced sysupgrade if you comes from
the previous wr740n v2 image.)
5. Remove SUPPORTED_DEVICES.
(tl-wr740n-v2 doesn't exist anywhere so it's useless.)
6. Add all WR741ND v1 clones found in ar71xx.

Verify ucert signature chains in sysupgrade images in case ucert is
installed and $CHECK_IMAGE_SIGNARURE = 1.
Also make sure ucert host binary is present and generate a self-signed
ucert in case $TOPDIR/key-build.ucert is missing.

ad816fc set rpath to make bundle-libraries.sh happy63ad591 blob_buf needs to be zero'd

Now that libubox, libjson-c and libblobms_json are installed into
STAGING_DIR_HOST we can properly bundle ucert in the ImageBuilder.
Follow-up commits will make use of it to include a signature-chain in
sysupgrade images using fwtool.

1. Swap eth0/eth1
Both devices are using AR9331, the builtin switch on AR9331 is
connected to gmac1 and gmac1 is named as eth1 in ath79.
PS: gmac1 is eth0 and gmac0 is eth1 in ar71xx because of the
reversed initialization order.
2. Fix the incorrect compatible string in dts

Jonas Gorski commented on the previous patch:
|This is actually the wrong fix and papers over an issue in one of our
|local patches.
|
|We intentionally allow regmap to be built as a module, see
|
|/target/linux/generic/hack-4.14/259-regmap_dynamic.patch
|[...]
|[The regulator code] optionally supports regmap thanks to the stubs
|provided if regmap is disabled - which breaks if you compile regmap
|as a module.

In order to mitigate this issue, this patch reverts the previous patch
and replaces the existing IS_ENABLED(CONFIG_REGMAP) with
IS_REACHABLE(CONFIG_REGMAP). This solves this particular issue as the
regulator code will now automatically fallback to the regmap stubs in
case the kmod-regmap module is enabled, but nothing else sets
CONFIG_REGMAP=y.

Note: There's still a potential issue that this patch doesn't solve:
If someone ever wants to make a OpenWrt kernel package for a
regulator module that requires the REGMAP feature for a target that
doesn't set CONFIG_REGMAP=y but has CONFIG_REGULATOR=y, the resulting
kmod-regulator-xyz package will not work on the target.
Luckily, there aren't any in-tree OpenWrt kernel module packages for
regulators at the moment. On the bright side: regmap is a critical
part nowadays and all new and upcoming architectures require it by
default. This will likely only ever be a problem for legacy targets
and devices that cannot afford to enable REGMAP.

When PHY's are defined on the MDIO bus in the DTS, gigabit support was
being masked out for no apparent reason, pegging all such ports to 10/100.
If gigabit support must be disabled for some reason, there should be a
"max-speed" property in the DTS.

Mediatek has a reference platform that pairs an MT7620A with an MT7530W,
where the latter responds on MDIO address 0x1f while both chips respond on
0x0 to 0x4. The driver special-cases this arrangement to make sure it's
talking to the right chip, but two different ways in two different places.
This patch consolidates the detection without the current requirement of
both tests to be separately satisfied in the DTS.

Replace the GNU time program invocation with a simple Perl script reporting
the timing values. Since we require Perl anyway for the build system, we can
as well use that instead of requiring a random GNU utility rarely installed
by default.

Fixes: ff6e62b288 ("build: log time taken by each packages/steps")Signed-off-by: Jo-Philipp Wich <jo@mein.io>

Add the ranges property to the PCI bridges where missing. Add the unit
address to PCI bridge where missing.

Rework the complete rt3883 pci node. Drop the PCI unit nodes from the
dtsi. They are not used by any dts file and should be rather in the dts
than in the SoC dtsi. Express the PCI-PCI bridge in a clean devicetree
syntax. The ralink,pci-slot isn't used by any driver, drop it. Move the
pci interrupt controller out of the pci node. It doesn't share the same
reg and therefore should be an independent/SoC child node.

Move the pci related rt3883 pinctrl setting to the dtsi instead of
defining the very same for each rt3883 board.

If the device_type property is used for PCI units, the unit is treated
as pci bridge which it isn't. Drop it for PCI units.

Reference pci-bridges or the pci node defined in the dtsi instead of
recreating the whole node hierarchy. It allows to change the referenced
node in the dtsi without the need to touch all dts.

Fix the PCI(e) wireless unit addresses. All our PCI(e) wireless chips
are the first device on the bus. The unit address has to be the bus
address instead of the PCI vendor/device id.